24th May, Cluj-Napoca

Application Development Security Training

Early bird price: 990 RON + TVA (Full price: 1290 RON +TVA)

Offer available until 28 April 2017
Register your team

This training is for every developer interested in writing more secure code. If you design applications, build, or even test solutions, this training is for you.

Here’s what your team will get

Access to the seminar

This seminar is full of real-life examples, findings from studies and practical approaches your team will find useful to know in order to protect their code and applications.

Full slides and additional resources

After the seminar they will get access to all the slides presented. They will also get some extra resources: materials and tools to put your knowledge into practice.

Ask the expert

During and after the seminar they will be able to ask questions from our security expert with over 10 years of experience in the field of security.

Essential topics covered

Intro: an overview on the Windows Security (from the architecture point of view) like processes, threads, tokens, impersonation, delegation, kernel objects.

The pillars: Reconnaissance, Scanning, Gaining Access, Elevation of privileges, Attacking and removing the traces

How can we look for vulnerabilities

  • DoS, Buffer overflow, Malformed or Malicious input
  • This is where I talk about SQL Injection, XSS, etc.

How to become and what can do a man in the middle

  • Wired/wireless networks
  • Network Poisoning / Spoofing
  • Repudiation

How to elevate the privileges

  • Token related discussions, etc.

How can we look for vulnerabilities

The pragmatic point of view: Threat Modeling and the SDL process

  • What is, how does it work, the pillars

Certificates: how do they work, the good and bad practices

The developer best and worst practices

Why should you care about Security ?

Whatever developer or IT topic you work with, security is something you should always be aware of. There are many false preconceptions which should be debunked.

Myth #1

You can add security after the project is done

Most people believe they can add security after the project is finished. This is not true. There are famous cases where projects have been abandoned because the architecture suffered from security issues that could not be adjusted anymore.

Myth #2

Security should only commissioned to penetration testers

Others believe that security should be only commissioned to penetration testers. Again, this is not true. While penetration testing helps, these are activities from the attacker perspective that only reveal a part of the problem. There are still many things that can be done in the role of defenders with the full knowledge of the architecture and design of the application.

Myth #3

Just follow best practices

Another false myth is that best practices and some kind of expert wizardry are the way to protect application vulnerabilities. Again, these are useful but the right way to conduct all the practices is to create a threat model, a process that reveal the potential vulnerabilities and give back a risk analysis that is extremely useful to evaluate the priorities.

What this training offers for you and your team

Security should never be just an afterthought

Recent IT security studies show that it takes 200 days on average to detect a security breach, and another 80 days to recover from it.
The need for secure systems is now more acute than ever. Your clients demand that you build secure solutions, and they see it as a right, not a privilege. More often than not later security fixes often become expensive.
Mastering a set of techniques and ways necessary to writing code that make hackers’ lives more difficult and defend applications against attacks is essential for every business.

From theory to practice

After covering the most important theory concepts on the Windows, networking and security architecture, in this seminar we walk through the typical attacks against applications to examine the security issues from both the attacker and the defender perspectives.

For each of the typical steps conducted by an attacker to reach your assets, we will see what can be done from the defender perspective. We will analyze each step and see what can be done in the infrastructure, in the application and which synergy is needed to make everything effective.

Meet the Trainer

Raffaele Rialdi Application Development Security training

Raffaele Rialdi

Senior Software Architect, Developer Security MVP

Raffaele Rialdi is a senior Software Architect working as a consultant, speaker and trainer. Since 2003, he is a Microsoft MVP in the Developer Security category and part of the Microsoft Developer Guidance Advisory Council. His passion for the community brought him to be member of the board of UGIdotNET, president of DotNetLiguria and co-founder of the Italian C++ user group.

Currently he is working as architect and developer on the backend of an enterprise project and working on cross-platform mobile development in both C# and C++ languages.

Application Development Security Training

Learn from the expert how to protect and secure your applications to withstand attacks.

Register your team